You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Gregory Chanan <gc...@cloudera.com> on 2014/07/22 21:39:16 UTC
Review Request 23822: SENTRY-354: Test for update.distrib phase overriding
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/23822/
-----------------------------------------------------------
Review request for sentry and Vamsee Yarlagadda.
Repository: sentry
Description
-------
We need a test for the following issue:
Solr sets the update.distrib phase param to indicate that update processors before the DistribUpdateProcessor can be skipped. A malicious user could do the same thing in order to skip the update index checks, which happen first (i.e. before the DistribUpdateProcessor). SOLR-5395 (in SOLR 4.6) has a feature "RunAlways" which will always run a given processor regardless of the phase. We should use this feature to ensure the update index processor is always run.
NOTE: since this is changing some versions, I think it should go into 1.5.0, once 1.4.0 has been branched.
Diffs
-----
pom.xml 05943c6
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java ad9cf9b
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java b439a91
sentry-tests/sentry-tests-solr/src/test/resources/solr/sentry/test-authz-provider.ini 702cd5a
Diff: https://reviews.apache.org/r/23822/diff/
Testing
-------
Ran the new e2e test.
Thanks,
Gregory Chanan
Re: Review Request 23822: SENTRY-354: Test for update.distrib phase
overriding
Posted by Vamsee Yarlagadda <va...@cloudera.com>.
> On July 24, 2014, 9:16 p.m., Vamsee Yarlagadda wrote:
> > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java, line 142
> > <https://reviews.apache.org/r/23822/diff/1/?file=639709#file639709line142>
> >
> > I am assuming this function can be invoked by any authenticated user. Any particular reason why we hardcoded this for "junit" ?
Maybe we can use AbstractSentryTestBase.getAuthenticatedUser() ?
- Vamsee
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/23822/#review48680
-----------------------------------------------------------
On July 22, 2014, 7:39 p.m., Gregory Chanan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/23822/
> -----------------------------------------------------------
>
> (Updated July 22, 2014, 7:39 p.m.)
>
>
> Review request for sentry and Vamsee Yarlagadda.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> We need a test for the following issue:
>
> Solr sets the update.distrib phase param to indicate that update processors before the DistribUpdateProcessor can be skipped. A malicious user could do the same thing in order to skip the update index checks, which happen first (i.e. before the DistribUpdateProcessor). SOLR-5395 (in SOLR 4.6) has a feature "RunAlways" which will always run a given processor regardless of the phase. We should use this feature to ensure the update index processor is always run.
>
> NOTE: since this is changing some versions, I think it should go into 1.5.0, once 1.4.0 has been branched.
>
>
> Diffs
> -----
>
> pom.xml 05943c6
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java ad9cf9b
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java b439a91
> sentry-tests/sentry-tests-solr/src/test/resources/solr/sentry/test-authz-provider.ini 702cd5a
>
> Diff: https://reviews.apache.org/r/23822/diff/
>
>
> Testing
> -------
>
> Ran the new e2e test.
>
>
> Thanks,
>
> Gregory Chanan
>
>
Re: Review Request 23822: SENTRY-354: Test for update.distrib phase
overriding
Posted by Gregory Chanan <gc...@cloudera.com>.
> On July 24, 2014, 9:16 p.m., Vamsee Yarlagadda wrote:
> > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java, line 142
> > <https://reviews.apache.org/r/23822/diff/1/?file=639709#file639709line142>
> >
> > I am assuming this function can be invoked by any authenticated user. Any particular reason why we hardcoded this for "junit" ?
>
> Vamsee Yarlagadda wrote:
> Maybe we can use AbstractSentryTestBase.getAuthenticatedUser() ?
Or just pass the user to the function.
- Gregory
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/23822/#review48680
-----------------------------------------------------------
On July 22, 2014, 7:39 p.m., Gregory Chanan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/23822/
> -----------------------------------------------------------
>
> (Updated July 22, 2014, 7:39 p.m.)
>
>
> Review request for sentry and Vamsee Yarlagadda.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> We need a test for the following issue:
>
> Solr sets the update.distrib phase param to indicate that update processors before the DistribUpdateProcessor can be skipped. A malicious user could do the same thing in order to skip the update index checks, which happen first (i.e. before the DistribUpdateProcessor). SOLR-5395 (in SOLR 4.6) has a feature "RunAlways" which will always run a given processor regardless of the phase. We should use this feature to ensure the update index processor is always run.
>
> NOTE: since this is changing some versions, I think it should go into 1.5.0, once 1.4.0 has been branched.
>
>
> Diffs
> -----
>
> pom.xml 05943c6
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java ad9cf9b
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java b439a91
> sentry-tests/sentry-tests-solr/src/test/resources/solr/sentry/test-authz-provider.ini 702cd5a
>
> Diff: https://reviews.apache.org/r/23822/diff/
>
>
> Testing
> -------
>
> Ran the new e2e test.
>
>
> Thanks,
>
> Gregory Chanan
>
>
Re: Review Request 23822: SENTRY-354: Test for update.distrib phase
overriding
Posted by Vamsee Yarlagadda <va...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/23822/#review48680
-----------------------------------------------------------
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java
<https://reviews.apache.org/r/23822/#comment85425>
I am assuming this function can be invoked by any authenticated user. Any particular reason why we hardcoded this for "junit" ?
- Vamsee Yarlagadda
On July 22, 2014, 7:39 p.m., Gregory Chanan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/23822/
> -----------------------------------------------------------
>
> (Updated July 22, 2014, 7:39 p.m.)
>
>
> Review request for sentry and Vamsee Yarlagadda.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> We need a test for the following issue:
>
> Solr sets the update.distrib phase param to indicate that update processors before the DistribUpdateProcessor can be skipped. A malicious user could do the same thing in order to skip the update index checks, which happen first (i.e. before the DistribUpdateProcessor). SOLR-5395 (in SOLR 4.6) has a feature "RunAlways" which will always run a given processor regardless of the phase. We should use this feature to ensure the update index processor is always run.
>
> NOTE: since this is changing some versions, I think it should go into 1.5.0, once 1.4.0 has been branched.
>
>
> Diffs
> -----
>
> pom.xml 05943c6
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java ad9cf9b
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java b439a91
> sentry-tests/sentry-tests-solr/src/test/resources/solr/sentry/test-authz-provider.ini 702cd5a
>
> Diff: https://reviews.apache.org/r/23822/diff/
>
>
> Testing
> -------
>
> Ran the new e2e test.
>
>
> Thanks,
>
> Gregory Chanan
>
>
Re: Review Request 23822: SENTRY-354: Test for update.distrib phase
overriding
Posted by Vamsee Yarlagadda <va...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/23822/#review48765
-----------------------------------------------------------
Ship it!
Ship It!
- Vamsee Yarlagadda
On July 25, 2014, 7:06 p.m., Gregory Chanan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/23822/
> -----------------------------------------------------------
>
> (Updated July 25, 2014, 7:06 p.m.)
>
>
> Review request for sentry and Vamsee Yarlagadda.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> We need a test for the following issue:
>
> Solr sets the update.distrib phase param to indicate that update processors before the DistribUpdateProcessor can be skipped. A malicious user could do the same thing in order to skip the update index checks, which happen first (i.e. before the DistribUpdateProcessor). SOLR-5395 (in SOLR 4.6) has a feature "RunAlways" which will always run a given processor regardless of the phase. We should use this feature to ensure the update index processor is always run.
>
> NOTE: since this is changing some versions, I think it should go into 1.5.0, once 1.4.0 has been branched.
>
>
> Diffs
> -----
>
> pom.xml 05943c6
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java ad9cf9b
> sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java b439a91
> sentry-tests/sentry-tests-solr/src/test/resources/solr/sentry/test-authz-provider.ini 702cd5a
>
> Diff: https://reviews.apache.org/r/23822/diff/
>
>
> Testing
> -------
>
> Ran the new e2e test.
>
>
> Thanks,
>
> Gregory Chanan
>
>
Re: Review Request 23822: SENTRY-354: Test for update.distrib phase
overriding
Posted by Gregory Chanan <gc...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/23822/
-----------------------------------------------------------
(Updated July 25, 2014, 7:06 p.m.)
Review request for sentry and Vamsee Yarlagadda.
Changes
-------
Updated for Vamsee's comments.
Repository: sentry
Description
-------
We need a test for the following issue:
Solr sets the update.distrib phase param to indicate that update processors before the DistribUpdateProcessor can be skipped. A malicious user could do the same thing in order to skip the update index checks, which happen first (i.e. before the DistribUpdateProcessor). SOLR-5395 (in SOLR 4.6) has a feature "RunAlways" which will always run a given processor regardless of the phase. We should use this feature to ensure the update index processor is always run.
NOTE: since this is changing some versions, I think it should go into 1.5.0, once 1.4.0 has been branched.
Diffs (updated)
-----
pom.xml 05943c6
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java ad9cf9b
sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java b439a91
sentry-tests/sentry-tests-solr/src/test/resources/solr/sentry/test-authz-provider.ini 702cd5a
Diff: https://reviews.apache.org/r/23822/diff/
Testing
-------
Ran the new e2e test.
Thanks,
Gregory Chanan